m (such as MD5 or SHA). It also defines cryptographic attributes such as the hash_size.
• Master secret
— A 48-byte secret shared between the client and server.
• Is Resumable
— A flag indicating whether the session can be used to initiate new connections.

VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 35

VPN, IPSec and TLS
Connection Parameters
• Server and client random
— Byte sequences that are chosen by the server and client for each connection.
• Server write MAC secret
— The secret key used in MAC operations on data written by the server.
• Client write MAC secret
— The secret key used in MAC operations on data written by the client.
• Server write key
— The symmetric cipher key used by the server to encipher data and by the client to decipher it.
• Client write key
— The symmetric cipher key used by the client to encipher data and by the server to decipher it.
• Initialization vectors
— When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key.
• Sequence numbers
— Sequence numbers maintained by each party for transmitted and received messages.

TLS Record Protocol
• The TLS Record Protocol provides connection security that has the following four basic properties:
— The connection is private. Symmetric encryption (e.g., AES, DES, RC4, etc.) is used for data encryption, after an initial handshake in which a pre-master secret key is defined.
— The negotiation of a shared secret is secure.
  – No attacker can modify the negotiation communication without being detected by the parties to the communication.
— The peer's identity can be authenticated using asymmetric or public key cryptography (e.g., RSA, DSS, etc.).
— The connection is reliable.
  – Message transport includes a message integrity check using a keyed
  – HMAC can be used with a variety of different hash algorithms, but TLS uses MD5 and SHA-1, denoting these as HMAC_MD5(secret, data) and HMAC_SHA(secret, data).
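
Added example (not from the original slides): Python code that derives the six connection parameters listed above from the master secret and the two randoms, then uses a write MAC secret and a sequence number to compute and verify HMAC_SHA over one record. The PRF, the "key expansion" label and the MAC input layout follow RFC 2246 (TLS 1.0), which the slides do not spell out; the AES-128-CBC/SHA-1 sizes and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

def p_hash(hash_name, secret, seed, length):
    """P_hash (RFC 2246, section 5): iterated HMAC expansion of secret and seed."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()        # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash("md5", s1, label + seed, length)
    sha = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5, sha))

def connection_keys(master_secret, client_random, server_random,
                    mac_len=20, key_len=16, iv_len=16):   # assumed: SHA-1 MAC, AES-128-CBC
    """Split the key block into the six connection parameters, in RFC 2246 order."""
    sizes = [("client_write_MAC_secret", mac_len), ("server_write_MAC_secret", mac_len),
             ("client_write_key", key_len), ("server_write_key", key_len),
             ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    block = tls10_prf(master_secret, b"key expansion",
                      server_random + client_random, sum(n for _, n in sizes))
    keys, pos = {}, 0
    for name, n in sizes:
        keys[name], pos = block[pos:pos + n], pos + n
    return keys

def record_mac(mac_secret, seq_num, content_type, fragment, version=(3, 1)):
    """HMAC_SHA(secret, seq_num + type + version + length + fragment)."""
    header = struct.pack("!QBBBH", seq_num, content_type, *version, len(fragment))
    return hmac.new(mac_secret, header + fragment, hashlib.sha1).digest()

def verify_record(mac_secret, expected_seq, content_type, fragment, mac):
    """Receiver side: recompute with its own sequence number, compare in constant time."""
    return hmac.compare_digest(
        record_mac(mac_secret, expected_seq, content_type, fragment), mac)

# Constructed sample values (not real traffic).
MASTER = bytes(range(48))          # 48-byte master secret
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32
KEYS = connection_keys(MASTER, CLIENT_RANDOM, SERVER_RANDOM)
```

Because the sequence number is part of the MAC input but is never sent on the wire, a record that is replayed or reordered fails verification even though its bytes are unchanged.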
- Spring '10